SAS runs a metadata server with an in-core database. With this approach a 64-bit OS is a requirement.
If you go with a 32-bit system you will be confronted with the 2Gb size limit, and you will hit it at unwanted moments.
supported Operating Systems with SAS

Somewhere you have stored the business data you want to analyse. Choose an OS that has the least limitations in reaching that data.

For comparisons see: OS compared wiki
Choose one with the least problems to manage in your situation. Linux, iOS and Android are Unix look-alikes, see: Unix

Choose one you can manage well, at a price acceptable to you with respect to performance. A grid approach, servers working together, is a good approach for heavy loads.
For fall-back scenarios a grid environment is the basic idea. See the SAS Tuning & design chapter.
With the 9.x metadata server this is the starting point to design/implement.

There is no fundamental reason to implement security differently on these operating systems.
Only the way you have to do it differs: it is the way security is implemented.

Unix: Yes, of course it is possible to get a secure environment. But see the security notes at Unix.

Windows is the most advanced, easy to manage. See the security notes at Windows.

Mainframe (z/OS) is very good: still centrally managed and high quality. Only, getting all involved machines centrally managed isn't possible.

Home

Must be manageable. This is where personal settings, and also programs and data, are stored.

Unix: To be solved by mount-points. The home location can come under pressure from other guidelines.

Windows: For home we have the challenge of the requirement of running a personal session.
Within server environments this can be blocked by server administrators.
Windows now has mklink options to redirect.

Mainframe: To be solved by storage management (HSM SMS) of the mainframe. The classic mainframe home approach is the same as using TSO.

SAS Work

Must be manageable. This is generically maintained storage, used during the processing of tasks.

Unix: To be solved by mount-points. Several different locations are possible with respect to tuning.

Windows: By default it is part of the user's home (local temp). Within server environments this can be blocked by server administrators, which requires another location.

Mainframe: To be solved by storage management (HSM SMS) of the mainframe. The classic mainframe home approach has explicit limitations on file sizes.

Business Storage

Must be manageable by your business.

Unix: Is solved by mount-points.

Windows: Is solved by network shares. With 2008 (Win7) the mount-points approach looks to be coming up. Nevertheless, no dedicated locations on servers should be used.

Mainframe: To be solved by storage management (HSM SMS) of the mainframe.

Maintenance business

Should be possible. During migrations you sometimes need other (logical) machines.

With Unix this is not commonly implemented. PVCS from Serena is a well-known tool.

With Windows this is not commonly implemented. However, when DTAP is recognized, shares and security groups will be present. Eclipse for Java development, with (Rational) support for life-cycle management, is by contrast well known and well designed.

Mainframe history is full of this DTAP approach. Tools like Endevor from CA SCM have existed for a long time.

Maintenance middleware

Should be possible. During migrations you sometimes need two versions of SAS on one machine.

A Unix version is the best to have. It is as simple as copying the software to the designed location.

Windows is the worst option to have.
The thing that bothers is the Windows registry. This is updated with the installation of SAS. When two versions of SAS are on the same machine, they will in no time have conflicting requirements.

Mainframe is normally maintained in its own mainframe way. This is not the same as the way SAS does it (see installing).

Performance

It is mostly hardware driven. Tuning to get it running well mostly requires more adequate knowledge.

Unix: A shared environment, also named grid, is possible if NFS is allowed.

Windows: Few possibilities to tune; you should choose an appropriate tier design. As most effort in the market is on this hardware, it will mostly be no problem.

Mainframe: Can be very well tuned, as it is designed for high-availability multi-user use.

Unix (Server)

Security notes

How much you have to do with file and directory attributes (chmod) for your users and support.

Normal read/write/execute at owner and group level, and the differences at directories versus files, must be understood.

The Set Group ID (SGID) and sticky bit at directory level must be understood. These options are needed to get a secured implementation.

Using dedicated keys to isolate special functions & functionality is a requirement that follows from the limitations. ACL options exist but are not standard.

Not able to get it centrally managed. Need for additional administrators.

The Set User ID (SUID) is needed only by the spawners, as documented. This must be accepted by security and auditing.

The basics of Unix are the UID (User IDentification) and GID (Group IDentification): the numbers (32-bit limit 64K, 64-bit higher?) identifying a user or group. Logical names are not leading; they are just shown if known.
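
The directory-level checks these notes ask you to understand, as an added example that is not part of the original page: a POSIX shell audit that reports group-shared directories without SGID, world-writable directories without the sticky bit, objects outside the expected group, and SUID files that are not on an accepted list. The sample tree, the file names spawner_helper and other_tool, and the accepted list are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit permission bits below a deployment area.
# The tree, group and accepted SUID list are assumptions of this sketch.

# Prefix every path read from stdin with a finding code.
tag() { while IFS= read -r p; do printf '%s\t%s\n' "$1" "$p"; done; }

# audit_tree ROOT GROUP [ACCEPTED_SUID_FILE...]
# Prints one finding per line as "CODE<TAB>path":
#   NO_SGID    group-shared directory without SGID, so new files get the
#              creator's primary group instead of the directory's group
#   NO_STICKY  world-writable directory without the sticky bit, so any
#              user can delete or rename another user's files
#   WORLD_W    world-writable regular file
#   GROUP      object that does not belong to the expected group
#   SUID       set-user-ID file that is not on the accepted list
audit_tree() {
    root=$1; group=$2; shift 2
    find "$root" -type d -perm -0020 ! -perm -0002 ! -perm -2000 | tag NO_SGID
    find "$root" -type d -perm -0002 ! -perm -1000 | tag NO_STICKY
    find "$root" -type f -perm -0002 | tag WORLD_W
    find "$root" ! -group "$group" | tag GROUP
    find "$root" -type f -perm -4000 | while IFS= read -r p; do
        ok=no
        for a in "$@"; do
            if [ "$p" = "$a" ]; then ok=yes; fi
        done
        if [ "$ok" = no ]; then printf 'SUID\t%s\n' "$p"; fi
    done
}

# Build a small constructed tree (not a real SAS layout) to audit.
make_sample() {
    t=$(mktemp -d) || return 1
    mkdir "$t/data" "$t/shared" "$t/work" "$t/open" "$t/bin"
    chmod 0755 "$t" "$t/bin"
    chmod 2775 "$t/data"     # group-writable with SGID: as intended
    chmod 0775 "$t/shared"   # group-writable, SGID missing
    chmod 1777 "$t/work"     # world-writable with sticky bit
    chmod 0777 "$t/open"     # world-writable, sticky bit missing
    : > "$t/bin/spawner_helper"; chmod 4755 "$t/bin/spawner_helper"
    : > "$t/bin/other_tool";     chmod 4755 "$t/bin/other_tool"
    printf '%s\n' "$t"
}

sample=$(make_sample)
gid=$(ls -ldn "$sample" | awk '{print $4}')   # numeric group of the tree
# Only spawner_helper is accepted as SUID, so other_tool is reported.
audit_tree "$sample" "$gid" "$sample/bin/spawner_helper"
rm -rf "$sample"
```

Every SUID finding is a file that security and auditing have not yet accepted; the accepted list is the place to record the ones they have.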

Generic notes future

Many Unix versions exist. The basic principles are almost the same, so you can select one of the supported versions.
Unix and all its look-alikes (Linux, Apple, Android) are hobbyistic.
What I mean is that, in contrast to IBM, Microsoft & Apple, there is no leader in the development/evolution or standardization.

There are a lot of tools on the market to get something implemented, not standardized by the supplier. The supplier doesn't exist, as there are so many of them.

The market development is evolving towards the Unix approach. So we have a lot of challenges.

Windows (Server)

Security notes

The AD (Active Directory) approach guarantees a centrally managed, monitored, secure environment for all involved machines. This cannot be bypassed in a simple way.

The options with SAS are the most friendly with IWA (Integrated Windows Authentication).
The very advanced design of the security leads to behavior that is not easy to understand, resulting in some requirements for an installation to get it running.

As the AD is mostly maintained by an old, centrally organized department, it is often very difficult to get something realized.
So using this advanced security option is mostly not possible because of lack of cooperation. In such cases a Unix version is a better option.

Windows now has the takeown (take ownership) option, making the security basics look the same as Unix.

Generic notes future

Microsoft is the owner and supplier of Windows.

The security has developed from absent in the 1980's to very advanced with Win-7.
With strong tools like SQL Server and Office, and a better price than most others (Apple), Microsoft has good chances to be a leader for a long time.

Mainframe (Server)

Security notes

A point of concern is that the mainframe approach is considered to be outdated. The environment is not well known anymore. On the other side, it is one of the best in reliability, tuning and performance.
In the installation, some completely different options have to be done for security. As the mainframe is running a Unix kernel, you also get all those issues to deal with.

Mainframe without integration technologies

Servers without SAS integration technologies can be accessed
(biov) Overview of servers by:
SAS/CONNECT servers, which provide computing resources on remote machines where SAS Integration Technologies is not installed

You can use SAS data sets (tables), the default SAS storage format, to store data of any granularity.
(biov) Default SAS Storage by:
For shared access to SAS tables, you can use SAS/SHARE software, which provides concurrent Update access to SAS files for multiple users

For some years a presentation has been given at the global forum: "Makes the Mainframe Behave Like a Modern Computer"
061-2012
106-2010
053-2007
065-31
The key phrases are: Eguide using SAS/CONNECT with rsubmit to get mainframe data to a BI server.

IO Storage - networking

The business data must be stored somewhere (IO storage) and it must be possible to process it (networking). So, depending on the business needs, the hardware must be configured.

When processing, some settings in a personalized key environment must be available (home).
When processing, temporary IO storage must be sufficiently available and responding well enough (work).
Tuning is an operational process.

Memory & CPUs

The metadata server runs the metadata database in-core. When heavily loaded, it should be set up on a dedicated logical machine.

The mid tier is web-based. It should be easy to connect to by a DNS name. It can be a dedicated logical machine.

The server tier, the calculation part, runs the business environment. It can share the same metadata server while running on different logical machines, with the Object Spawner as central point on each of them.

The business needs will result in a load that must be covered. In the installation guideline of each product some starting point can be found.
Tuning is an operational process

Anticipate & Extrapolate

Design with Performance & Tuning in mind

The experiences of the operational life supporting SAS should be taken into account. The design issues relating to performance I have placed in separate chapters.
Virtualization has advantages for total hardware usage. Performance shouldn't be forgotten.

Additional notes

Default SAS Storage

You can use SAS data sets (tables), the default SAS storage format, to store data of any granularity.
(biov) Default SAS Storage by:
For shared access to SAS tables, you can use SAS/SHARE software, which provides concurrent Update access to SAS files for multiple users

The major SAS clients

Your server environment is of no use without clients, the client software. It is possible to run the server part on your desktop; on a virtualized desktop it is not really sensible.
There are web clients, but they are limited in functionality (see design figures).

Another important client is the Office add-in (SAS AMO), running SAS from MS-Outlook, MS-PowerPoint, MS-Word or MS-Excel.

These two clients integrate closely with the Microsoft environment. Working with these clients is very attractive.
At the moment of installing, however, there are more technical requirements to be solved.

SAS Consultancy

Proceedings Forums

The proceedings/forums SUGI documents contain a lot of architecture information, for example: 374-2011 re-architecting or
341-2009 Centrally managed Service. Cite:
Creating the platform for SAS Business Analytics as a centrally managed service requires a carefully planned out
architecture for the hardware and software perspectives. However, over time this perpetuates a robust, manageable
and efficient set of applications that are easier to manage and faster to deploy yet they remain fault tolerant in relation
to each other. This type of architecture is better suited to an enterprise-level deployment in that economies of scale
provide much of the cost savings realized.

Some challenges to handle are:

How to position yourself within a culture that is focused on implementing machines & data centers instead of the real core business

As the SAS account manager is focused on license income, how to design an effective environment at the best cost for your business

As the SAS TLS manager is focused on delivering accountable consultant hours, how to get the necessary knowledge by yourself

How to get it all implemented in a secure way, with no information hackable, and understandable by auditors

How to get it aligned with the core business (processes, procedures, policies)

SAS Consultants Checklist (92 Unix approach) I

The customer will make sure that the following requirements and prerequisites are met.

A UNIX server and a Windows workstation (client) are available. This server is dedicated exclusively to running SAS. Both machines meet the system requirements as described in:
sysreqs index

Both machines must run an OS that is supported, according to what is published at:
sysreqs host The OS on the server needs to be supported for both 9.2 BI Server Tier and 9.2 BI Mid Tier.

The customer needs to fulfill the prerequisites for Pre-Installation Steps for JBoss, WebLogic, and WebSphere Application Servers with SAS® 9.2 that are described in:
preinstall appserver

The customer will install the appropriate Java 2 SDK version according to what is described in:
JDK third party

The SAS software has been downloaded and placed on the server. This downloaded software is known as the SAS Software Depot.

The SAS Software Depot is accessible from the client, in order to perform the deployment of client components.

The SAS consultant will have access to the root password of the server.

On the server there will be a group called sas. There will be three accounts whose primary group will be sas. These accounts will be:

sasinst: User to perform the installation and configuration of SAS. This user owns the deployed SAS directories and files.

sassrv: User for execution of SAS processes that benefit from a load balancing mechanism (Stored Process servers and Pooled Workspace Servers).

sasdemo: User for functional testing of the software.

The SAS consultant will have access to the credentials of all of them and will be able to log on with any of them.

The sasinst user is allowed to schedule jobs using the cron scheduler.

The SAS consultant will be able to connect to the server using the sasinst account or the root account. The connection will be done with a graphical terminal using X-Windows, and it will be possible to use a UNIX desktop.
The xterm application will be found in the PATH variable. The customer will provide a client computer that will run the X Server software, which will be used to perform the required actions.

There is a computer with Internet connection and the possibility to connect an USB storage device with additional software. The purpose of this is to be able to bring additional pieces of software (third party tools, utilities, custom shell scripts, hotfixes) to the server.
The common way to perform this is to have a workstation with connection to Internet and connection to USB storage and upload files (using SFTP, FTP, or SCP) to the server.

There is a Windows workstation available with no SAS software installed. All the generic SAS clients (DI Studio, Enterprise Guide, Management Console, Information Map Studio, OLAP Cube Studio, add-in for Microsoft office) will be deployed to this workstation.
Microsoft Office 2007 must be pre-installed on this workstation to be able to install the add-in for Microsoft Office. There will be a local administrator account available to perform the deployment on the clients.

The customer will make sure that it is easy to create accounts on the server for the different business users that will use SAS. All the accounts need to have the group sas as primary group.
All the business users will perform the authentication against the host authentication services of the server. No other authentication mechanism will be used for business users

The server will contain six different areas of storage for the following purposes:

Area                       Size
SAS Software Depot         15 GB
SAS Installation Folder    10 GB
Configuration Folder       15 GB
Web Applications           20 GB
Data                       Size depends on customer data
Temporary Data             The result of the formula 3 * (# concurrent users) * (size average working set)

All these areas will be owned by the sasinst account, having sas as group.

The appropriate administrators of the infrastructure will be promptly available to assist in case they are needed.

The following ports are available on the server. From all workstations where SAS clients will be deployed, these ports can be reached:

Component                                                               Port
SAS/CONNECT Server and Spawner                                          7551
SAS/SHARE Server                                                        8551
SAS Metadata Server                                                     8561
SAS Object Spawner - Operator Port                                      8581
SAS Object Spawner: pooled workspace server port bank 1                 8801
SAS Object Spawner: pooled workspace server port bank 2                 8811
SAS Object Spawner: pooled workspace server port bank 3                 8821
Workspace Server                                                        8591
SAS Stored Process Server: Bridge connection                            8601
SAS Stored Process Server: load balancing connection 1 (MultiBridge)    8611
SAS Stored Process Server: load balancing connection 2 (MultiBridge)    8621
SAS Stored Process Server: load balancing connection 3 (MultiBridge)    8631
SAS Pooled Workspace Server                                             8701
SAS Deployment Tester - Server                                          10021
JBoss HTTP Server Port                                                  8080
JBoss HTTPS Server Port                                                 8443
JBoss RMI Port                                                          1099
SAS Remote Services Application                                         5091
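
A way to verify this port requirement on the server, as an added example that is not part of the original checklist: the function reads `ss -ltn` output and compares the TCP listeners with the port numbers listed above. The sample listener output is constructed, and the three finding names are this example's own.

```sh
#!/bin/sh
# Added example: compare TCP listeners with the checklist's port list.

# The 18 port numbers listed in the checklist above.
CHECKLIST_PORTS="7551 8551 8561 8581 8801 8811 8821 8591 8601 8611 8621 8631 8701 10021 8080 8443 1099 5091"

# check_listeners: reads `ss -ltn` output on stdin and prints
#   UNEXPECTED addr:port  listener that is not on the checklist (review it)
#   LOCAL_ONLY addr:port  checklist port bound to loopback only, so the
#                         client workstations cannot reach it
#   MISSING port          checklist port with no listener at all
check_listeners() {
    awk -v ports="$CHECKLIST_PORTS" '
        BEGIN { n = split(ports, list, " ")
                for (i = 1; i <= n; i++) want[list[i]] = 1 }
        $1 == "LISTEN" {
            addr = $4; port = addr
            sub(/^.*:/, "", port)            # text after the last colon
            lo = (addr ~ /^127\./ || addr ~ /^\[::1\]:/)
            if (!(port in want)) { print "UNEXPECTED", addr }
            else if (lo)         { loopback[port] = addr }
            else                 { seen[port] = 1 }
        }
        END {
            for (i = 1; i <= n; i++) {
                p = list[i]
                if (p in seen) continue
                if (p in loopback) print "LOCAL_ONLY", loopback[p]
                else               print "MISSING", p
            }
        }'
}

# Constructed `ss -ltn` output (not captured from a real server).
sample_ss() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128          0.0.0.0:8561      0.0.0.0:*
LISTEN 0      128        127.0.0.1:8581      0.0.0.0:*
LISTEN 0      50                 *:8080            *:*
LISTEN 0      128             [::]:7551         [::]:*
LISTEN 0      128          0.0.0.0:9999      0.0.0.0:*
EOF
}

sample_ss | check_listeners
```

On a deployed server the input would be `ss -ltn | check_listeners`; UNEXPECTED lines are candidates for review against the firewall rules, not automatically errors.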

SAS Consultants Checklist (92 Unix approach) II

The customer will make sure that the server is recognized by a DNS name in the whole network of the organization.
SAS recommends to use a DNS alias for this operation. It has the advantage that changing the server requires less re-configuration on the SAS side, since the alias will remain the same.

In the case that there is a connection to a database using a SAS/ACCESS module the following additional requirements apply:

The customer will make sure that the client software / libraries for that database are installed on the server;

The customer will provide SAS with the details to access at least one table in the database. This includes steps to test the connection to the database from the database client software;

The SAS consultant will perform tests and create a test SAS-library accessing that database.

SAS will be allowed to change the permissions in any location that is below the areas mentioned earlier:

SAS Software Depot;

SAS Installation Folder;

SAS Configuration Folder;

SAS Web Applications;

SAS Data;

SAS Temporary Data.

SAS actions and deliverables

SAS will perform the following actions. All actions and deliverables that are not listed are not included in this deployment service.

Create pre-requisites on the machine.

Installation of the appropriate version of JUNIT.

Installation of the appropriate version of JBoss.

Assignment of proper permissions to different folders.

Deployment of the licensed SAS server components.

Integrated Windows Authentication will not be enabled.

SAS Internal accounts will be used where appropriate.

All web applications will be deployed automatically in a single instance of JBoss.

In the case that SAS/ACCESS is part of the software order, the SAS consultant will create a single library definition in the metadata for each SAS/ACCESS type, with a maximum of three libraries. The PC File Server will not be installed.

A single SAS environment will be configured.

All server components are deployed on a single server.

Deployment of licensed SAS client applications.

Installation of the SAS Clients on one Windows workstation.

During the deployment all choices that are made are recorded in a response file.

Creation of a script that will install silently (with the option of restarting the workstation). This script will use the recorded response file. The customer can use this script together with the SAS software depot to deploy the SAS Clients to other workstations.

Functional Test of the configuration.

Functional tests will be performed from the configured workstation to make sure that the server is giving proper functional responses.

Creation of housekeeping scripts for the following activities. These scripts can be scheduled to make sure the housekeeping tasks are executed regularly:

Clean the WORK area;

Creation of a backup of the metadata to the file system;

Cleaning logs.

Documentation of the deployment.

At the end of the activities, documentation will be provided that describes the technical details of the deployment. This document will be structured according to the standards of the SAS TLM department.

Handover of the system.

At the end of the deployment activities, the SAS consultant will run the function tests mentioned earlier together with the customer to demonstrate the correct operation of the software. During this demonstration the consultant will also briefly explain the components of the system and the documentation. The handover will take about one hour. Apart from the handover, no time is reserved for answering questions by the SAS consultant during the deployment.

If you are happy with all these requirements, pre-assumptions, responsibility delegated to the consultant, and open security, let it be.
If you are not happy with this, read the chapter -hardening installation-, part after installing. A secure, maintainable installation should start with the design.
With sensitive information you probably have no other option than not to accept this approach, as forced by regulations & policies (SOX Basel Solvency).

SAS 94

Announcements Presentations - changes approach

9.4 (sunz gordon_james 2013).
Cloud private/public, moving to commodity hardware, common authorization service; to get to 94, 93 is needed.
The new web/appserver: vfabric-tcserver (VMware, based on Apache TC)